36f7fddcea9b92869a582e43772f86e17d996d73b9f172ff5be834c1f8649a18

General

Target

6777d1c63e11aeafacfb47a0bb505672_JaffaCakes118
Size

1.7MB
Sample

240522-q2z8sade71
MD5

6777d1c63e11aeafacfb47a0bb505672
SHA1

adc269db01b7a96da27459c5f3652ae9a5947dc6
SHA256

36f7fddcea9b92869a582e43772f86e17d996d73b9f172ff5be834c1f8649a18
SHA512

dce9e1e5cc4f8c4668cac8e39c4b52f5a2560220aed94cf972d29ce2fbe34fcc8e9ef340f7de29491b827af099ec7c5ae8a7a82d9e72eac51fbeb359e42a098d
SSDEEP

49152:VVni4ZT5MQdRL/2dZb5aWivyWGwyLY8Xt3HOPIqGXSh5:Ti4ZTaQdIl5m6lw0Pd3nK

Score

8^/10

Malware Config

Targets

- Target
  
  6777d1c63e11aeafacfb47a0bb505672_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  6777d1c63e11aeafacfb47a0bb505672
- SHA1
  
  adc269db01b7a96da27459c5f3652ae9a5947dc6
- SHA256
  
  36f7fddcea9b92869a582e43772f86e17d996d73b9f172ff5be834c1f8649a18
- SHA512
  
  dce9e1e5cc4f8c4668cac8e39c4b52f5a2560220aed94cf972d29ce2fbe34fcc8e9ef340f7de29491b827af099ec7c5ae8a7a82d9e72eac51fbeb359e42a098d
- SSDEEP
  
  49152:VVni4ZT5MQdRL/2dZb5aWivyWGwyLY8Xt3HOPIqGXSh5:Ti4ZTaQdIl5m6lw0Pd3nK
Score

8^/10

banker discovery evasion impact persistence collection credential_access
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks Android system properties for emulator presence.
  evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks Android system properties for emulator presence.

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3